InjEctOr5 TeaM

4 exploits Active since May 2008
CVE-2008-2342 EXPLOITDB text WORKING POC
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2341 EXPLOITDB text WORKING POC
News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
CVE-2008-2340 EXPLOITDB text WORKING POC
News Manager 2.0 - SQL Injection via lang or pid Parameter
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2008-2343 EXPLOITDB text WORKING POC
News Manager 2.0 - Information Disclosure via Direct Request
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.